This section describes optional application-specific configurations you may choose to include for the Account plugin.
Custom Date Formats
Some cartridges, such as the AccountPersonalInformation cartridge, require date formats. These cartridges reference the /atg/store/i18n/CustomDateFormatter component to determine the pattern to be used for dates. You can choose to specify custom dates for your application, for example, the B2CStore application module specifies the following date formats for each locale in CommerceAccelerator/Applications/B2CStore/Base/src/main/config/atg/store/i18n/CustomDateFormatter.properties:
customDateFormats=\ en=MM/dd/yyyy,\ de=dd.MM.yyyy,\ es=MM/dd/yyyy
If you do not specify any custom date formats, the format defaults to DateFormat.SHORT as defined by Java for the customer’s locale.
Account Menu Links
The handler for the AccountMenu cartridge is of type LinkMenu, and it specifies a list of menu options (links) that should be rendered for the Account menu. Because these links are application-specific, the configuration for them should exist in the application directory. For example, the CommerceAccelerator/Applications/B2CStore/Plugins/Account/src/main/config/atg/endeca/assembler/cartridge/handler/AccountMenu.properties file configures the account menu to render different links for authenticated shoppers and anonymous shoppers:
menuOptions=\ unauthenticatedMenuOptions=\ login=login,\ authenticatedMenuOptions=\ personalInformation=account:\ orderHistory=account/orders:\ addressBook=account/addressbook:\ paymentInformation=account/billing:\ changePassword=account/changepassword:\ checkoutDefaults=account/defaults
Access Controllers
Access control is used to manage access to a URL or REST service under certain circumstances; for example, authenticated shoppers should be able to access URLs that unauthenticated shoppers cannot. There are two accessor components, included in the Account module, that allow the application to determine if a shopper is logged in or not:
The
CommerceAccelerator/Plugins/Account/src/main/config/atg/userprofiling/NotLoggedInAccessControllercomponent references the/atg/targeting/NotLoggedInRuleSetServicecomponent that resides in theCommerceAccelerator/Plugins/Accountmodule. TheNotLoggedInRuleSetServicecomponent contains a rule to determine if the current shopper is not logged in.The
CommerceAccelerator/Plugins/Account/src/main/config/atg/userprofiling/LoggedInAccessControllercomponent references the/atg/targeting/LoggedInRuleSetServicecomponent that resides in theCommerceAccelerator/Plugins/Accountmodule. TheLoggedInRuleSetServicecomponent contains a rule to determine if the current shopper is logged in.
Determining if a shopper is logged in or not allows the application to restrict access to certain pages or REST services to authenticated users only. To create these restrictions, the Account module configures access control rules in the /atg/dynamo/servlet/dafpipeline/AccessControlServlet component. The rules provide mappings between paths and the AccessController objects that control access to those paths. For example, in the rules shown below, the LoggedInAccessController controls access to the /rest/model/atg/userprofiling/ProfileActor/logout REST service, meaning that only shoppers who have logged in will be able to access the REST service that logs them out.
accessControllers+=\ /rest/model/atg/userprofiling/ProfileActor/summary=\ /atg/rest/userprofiling/LoggedInAccessController,\ /rest/model/atg/userprofiling/ProfileActor/logout=\ /atg/rest/userprofiling/LoggedInAccessController,\ /rest/model/atg/userprofiling/ProfileActor/logout-success=\ /atg/rest/userprofiling/AllAccessController,\ /rest/model/atg/userprofiling/ProfileActor/logout-error=\ /atg/rest/userprofiling/AllAccessController
Because site URLs and REST services are often application-specific, application modules will likely need to augment the rules provided in the Account module itself. For example, the B2CStore module configures the following application-specific overrides in the CommerceAccelerator/Applications/B2CStore/Plugins/Account/src/main/config/atg/dynamo/servlet/dafpipeline/AccessControlServlet.properties file:
accessControllers+=\ /csa/login=/atg/userprofiling/NotLoggedInAccessController,\ /csa/account/register=/atg/userprofiling/NotLoggedInAccessController,\ /csa/account=/atg/userprofiling/LoggedInAccessController,\ /csa/account/orders/view=/atg/rest/userprofiling/AllAccessController # The URL to redirect to if access is denied. If the AccessController # supplies its own deniedAccessURL, it will overwrite this value. deniedAccessURL=/csa/login
The B2CStore module also overrides the deniedAccessURL in both the NotLoggedInAccessController and the LoggedInAccessController components. Because the LoggedInAccessController restricts access to authenticated shoppers, this component redirects the shopper to the /csa/login page when access is denied, providing the shopper with the ability to log in quickly. The NotLoggedInAccessController redirects shoppers to the /csa/home page when access is denied.
